In this lab, I will go through the process of setting up a vulnerability management environment in Azure. I look to learn how to configure and utilize OpenVAS, a vulnerability scanner, to identify and assess security vulnerabilities in a Windows virtual machine (VM). Additionally, I will perform uncredentialed scans, and credentialed scans, apply remediations, and verify the effectiveness of the remediation measures.
- Computer with Internet access
- Azure Account (Free subscription may be sufficient)
- Access to Azure Portal
- Sign up:
https://azure.microsoft.com/en-us/free/ - Login:
https://portal.azure.com
- Sign up:
Lab Steps:
- Access the Azure Portal and navigate to the Marketplace.
- Search for "OpenVAS secured and supported by HOSSTED" and select it.
- Choose a pre-set configuration and create the VM with specified settings.
- Virtual Machine Settings
| Setting | Value |
|---|---|
| Resource Group: | Vulnerability-Management |
| VM Name: | OpenVAS (Take note of the region and Vnet–consider East US ) |
| Region: | East US (make sure to note the region and Vnet) |
| Authentication: | Password (Provide Username/Password) |
-
On the Disk Tab, Networking, Management, and Advanced we will let them remain as their default Settings.
-
For the Monitoring tab, we will disable boot diagnostics as it will not be needed in the lab. You can learn more about boot diagnostics here.
-
Review Create → Create
-
Connect to the OpenVAS VM via SSH using PowerShell (Windows) or Terminal (MacOS).
-
Wait until the OpenVAS deployment completes and access the web app URL (For this example:
https://172.190.177.16.c.hossted.com).
-
Log in with provided credentials or try admin/admin if needed (admin/admin was used below).
-
Reset the admin password to a password of your choosing in the example I will be using "incorrect".
-
To change the password, you will go to the person icon at the top right of the page, then select the pencil/note icon near the top left of the page. You will then be shown a pop-up to make the change of the old password to the new password.
-
If for some reason there is no default value shown for rows per page, you can enter 10 then click save. If this doesn't note and it doesn't accept your input, you can try a different browser using the webapp url to change the password.
-
- Create a new Virtual Machine in Azure Portal, following specified settings
| Setting | Value |
|---|---|
| Resource Group: | Vulnerability-Management (Same as Previous) |
| VM Name: | Win10-Vulnerable |
| Region: | Same as the OpenVAS VM (East US) |
| Virtual Network: | Same as OpenVAS (this is important) |
| Image: | Windows 10 Pro |
| Size: | Any size with 2 vCPUs |
| Username: | Labuser / incorrect! (whichever you prefer and easy to remember) |
| Networking: | Same Vnet as OpenVAS |
-
The other tabs that are associated with the VM were left as default and no additional changes were made.
-
Review Create → Create the VM
- Ensure you can RDP into the VM after it's created.
- While inside the vulnerable VM, Disable the Windows Firewall and install outdated software(be sure that this is done inside the virtual machine).
- You will install each of them with the defaults as there will be no changes/adjustments necessary here.
- Restart the VM and leave it for now.
- Log in to OpenVAS and add the Client VM's (Win-10 Vulnerable) private IP address as a new host.
- Hover over Assets → Host → New Host Icon at the top left.
- Create a new target named "Azure Vulnerable VMs" using the host information.
Note: Take note of the credentials as you scroll down the page below and leave them as their default. We will add SMB credentials later.
-
Create a new task named "Scan - Azure Vulnerable VMs" with the target.
- Hover over Scans → Task → New Task Icon at the top left
- Scan Targets → “Azure Vulnerable VMs” (This is the target that we created previously)
-
Start the scan and review the results once it's completed.
- The status will change from Requested → Queued → Percentage Loaded → Done
- After pressing the
▶️ button, the Status reflects to be loading
- Status is now Done and you can select the report to review the vulnerabilities for the uncredentialed scan.
- The status will change from Requested → Queued → Percentage Loaded → Done
-
To remove the filtered results of the report, you can select the
Xnear the top of the page and it will display more vulnerabilities.Note: Once the filter is removed here, it will display those that include a
0.0as their severity level as well.
Make necessary configurations within the vulnerable VM (Windows settings).
-
Disable Firewall (done in Task 2 if you happen to have missed it there)
-
Disable User Account Control
-
Enable Remote Registry
- Do a quick search for
Services.mscat the bottom left of the Windows machine. - Scroll down to Remote Registry → Double click (to select) → Startup Type set to
Automatic→ Start → Apply → OK.
- Do a quick search for
-
Set Registry Key
-
Launch Registry Editor (regedit.exe) in “Run as administrator” mode and grant Admin Approval, if requested
-
Navigate to HKEY_LOCAL_MACHINE hive
-
Open SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System key
-
Create a new DWORD (32-bit) value with the following properties:
-
-
Name: LocalAccountTokenFilterPolicy
- After DWORD (32-bit) is selected you will add
LocalAccountTokenFilterPolicywithout any spaces added.
- After DWORD (32-bit) is selected you will add
-
Value: 1
- Double click → LocalAccountTokenFilterPolicy → Change Value from 0 to 1 → OK
- Double click → LocalAccountTokenFilterPolicy → Change Value from 0 to 1 → OK
-
Close Registry Editor
-
Restart the VM
Make corresponding configurations in OpenVAS for credentialed scans.
- Go to Configuration → Credentials → New Credential
- Name / Comment → “Azure VM Credentials”
| Settings | Value |
|---|---|
| Allow Insecure Use: | Yes |
| Username: | azureuser |
| Password: | password (same password as vulnerable VM) |
-
Save
-
Go to Configuration → Targets → CLONE the Target we made before
-
NEW Name / Comment: “Azure Vulnerable VMs - Credentialed Scan”
-
Ensure the Private IP is still accurate
-
Credentials → SMB → Select the Credentials we just made: Azure VM Credentials
-
Save
Clone the previous scan task and edit it for credentialed scanning.
-
CLONE the “Scan - Azure Vulnerable VMs” Task, then Edit it:
-
Name / Comment → “Scan - Azure Vulnerable VMs - Credentialed”
-
Targets: Azure Vulnerable VMs - Credentialed Scan
-
Save
-
Click the
▶️ button to launch the new Credentialed Scan, and wait for it to finish
Note: Since this is a credentialed scan, it will take longer than the last one. Wait for it to finish
Launch the new credentialed scan and wait for it to finish.
Observe the differences in findings compared to the unauthenticated scan.
Results of the credentialed scan
Log back into the Win10-Vulnerable VM and uninstall outdated software.
- Search Control Panel → Uninstall Programs → Select Each Outdated of the Programs (VLC media player 1.1.7, Mozilla Firefox (x64 en-US), Adobe Reader X)
- Restart the VM to apply the changes.
Re-initiate the credentialed scan (“Scan - Azure Vulnerable VMs - Credentialed") and observe the updated results.
Note: In the trend column, we can notice that there is a downward trend now that we have removed the outdated programs.
- The vulnerabilities for FireFox, VLC Player, or Adobe ReaderWe are no longer present. Additionally, we can drill down into the results of the report to view the impact of the vulnerabilities that are remaining and the available solutions.
- Upon the completion of the lab, the resources can not be deleted and the easiest way for this to be done is by deleting the resource group as it contains all the resources.
This lab provided hands-on experience in setting up and using a vulnerability management scanner with Azure and OpenVAS. It highlighted the importance of proactive vulnerability management and the impact of misconfigurations and outdated software on system security.
Configuring OpenVAS for unauthenticated scans and performing the scans allowed me to identify vulnerabilities and understand the need for regular scanning to detect security risks.
Implementing credentialed scans and comparing the results with unauthenticated scans demonstrated the value of using proper credentials for accurate vulnerability identification.
Remediating vulnerabilities by uninstalling outdated software and verifying the changes through subsequent scans reinforced the importance of timely actions to reduce the attack surface.
This lab enhanced my understanding of vulnerability management and the continuous effort required for maintaining a secure environment. It emphasized the significance of proactive security practices, timely remediation, and the value of comprehensive scanning approaches.
I now possess practical knowledge and skills in vulnerability management using Azure and OpenVAS, ready to apply them in real-world scenarios and contribute to effective system protection.